Creating an ultimate anti-virus and anti-spam email gateway
What I'm wanting to do is the following:
Having an email server gateway (ideally running under Linux since it's the OS I'm most familiar with) which has both a whitelist and a blacklist for emails plus some kind of scanning ability for certain Windows viruses (or at least the ability for me to define that if something is in an email, it is sent on to the admin or sent to /dev/null).
I want it so that when an email is first received it is checked for, say, exploit code against a list set up by the admin (if it contains virus/exploit code then it gets sent to the admin or to /dev/null); then the email is checked against an anti-spam blacklist; if it passes that then it goes on to the next check, the whitelist. If the email address is on the whitelist of allowed From addresses then it gets sent to the primary email server. If not, then it gets sent to the admin.
The reason for the exploit code thing is simple: at the moment we have an MS Exchange 2k server set up as the email server (don't look at me, it was before I joined the company) with anti-virus software for both the server and the workstations.
Now, after I joined the company I obviously did a lot of security improvements, since the previous person did not do much in the way of network security and at the moment we're mostly a Microsoft place. (hiss, boo, yada yada)
Now, viruses got past the anti-virus scanners a couple of times, but because of some of the security measures (like disabling people from opening .pif files etc. in Outlook) no machines got infected. (Even though the anti-virus software was up to date, it didn't detect some viruses.)
Now, to my knowledge there are currently 31 unpatched holes in IE, some not so serious and others very serious.
So I have to take into consideration that at some point we will end up with a machine or machines infected with a virus no matter how well prepared we are.
If anyone can point me to any guides or information on creating an email gateway under Linux that can check emails for certain strings, check emails against a blacklist and then check against a whitelist (which should be easy to add new addresses to; ideally I'd want it so users on the network could log in via some sort of web interface and define trusted From addresses for themselves), I'd be grateful.
BTW, I know about lawmonkey.org/anti-spam.html, but that's under OpenBSD and primarily anti-spam only.
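As an added example (not code from the post or from any product it names), this Python sketch implements the three-stage decision the post describes: an admin-defined pattern check on attachment names and plain-text bodies, then the blacklist, then the whitelist, with anything left over held for the admin; the pattern lists, addresses and sample messages are all constructed here.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed policy for the example (assumed values; a real gateway would load these
# from admin-maintained files and the per-user web interface the post asks for).
EXPLOIT_PATTERNS = [r"\.(pif|scr|exe)$",      # attachment names the admin refuses
                    r"claim your prize"]      # body string the admin refuses
BLACKLIST = {"spammer.example"}               # sender addresses or domains
WHITELIST = {"partner.example"}               # trusted From addresses or domains

def build_sample(sender, body, attachment=None):
    """Build a constructed test message; attachment is (filename, bytes) or None."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@corp.example", "sample"
    msg.set_content(body)
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

def classify(raw, patterns, blacklist, whitelist, exploit_action="admin"):
    """Decide where the gateway routes a message: 'discard' (/dev/null),
    'admin' (quarantine for review) or 'primary' (the real mail server)."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    # 1. Exploit/virus check on attachment names and plain-text bodies, before anything else.
    for part in msg.walk():
        name = part.get_filename() or ""
        text = part.get_content() if part.get_content_type() == "text/plain" else ""
        if any(re.search(p, name, re.I) or re.search(p, text, re.I) for p in patterns):
            return exploit_action
    # 2. Anti-spam blacklist: a matching address or domain goes to /dev/null.
    if sender in blacklist or domain in blacklist:
        return "discard"
    # 3. Whitelist of trusted From addresses: only these reach the primary server.
    if sender in whitelist or domain in whitelist:
        return "primary"
    return "admin"   # unknown sender: hold for the admin

SAMPLES = {   # constructed messages exercising each branch
    "worm": build_sample("anyone@unknown.example", "see attached",
                         ("invoice.PIF", b"MZ\x90\x00")),
    "spam": build_sample("deals@spammer.example", "cheap offers"),
    "partner": build_sample("Alice <alice@partner.example>", "meeting notes"),
    "phish": build_sample("alice@partner.example", "Claim your prize now"),
    "stranger": build_sample("carol@elsewhere.example", "hello"),
}
```

Note that the pattern check runs before the whitelist, so a trusted sender whose message trips an admin pattern (the "phish" sample) is still held rather than forwarded.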